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IN THE SENATE OF THE UNITED STATES 


Mr. King (for himself, Mr. Risen, Ms. Collins, and Mr. Heinrich) intro¬ 
duced the following bill; which was read twice and referred to the Com¬ 
mittee on 


A BILL 

To provide for the establishment of a pilot program to iden¬ 
tify security vulnerabilities of certain entities in the en¬ 
ergy sector. 

1 Be it enacted by the Senate and House of Rep resent a- 

2 hives of the United States of America in Congress assembled, 

3 SECTION 1. SHORT TITLE. 

4 This Act may be cited as the “Securing Energy Infra - 

5 structure Act”. 

6 SEC. 2. DEFINITIONS. 

7 In this Act: 

8 (1) Covered entity. —The term “covered en- 

9 tity” means an entity identified pursuant to section 
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1 9(a) of Executive Order 13636 of February 12, 

2 2013 (78 Fed. Reg. 11742) relating to identification 

3 of critical infrastructure where a cybersecurity inci- 

4 dent could reasonably result in catastrophic regional 

5 or national effects on public health or safety, eco- 

6 nomic security, or national security. 

7 (2) Exploit. —The term “exploit” means a 

8 software tool designed to take advantage of a secu- 

9 rity vulnerability. 

10 (3) Industrial control system.— 

11 (A) In general. —The term “industrial 

12 control system” means an operational tech- 

13 nology used to measure, control, or manage in- 

14 dustrial functions. 

15 (B) Inclusions. —The term “industrial 

16 control system” includes supervisory control 

17 and data acquisition systems, distributed con- 

18 trol systems, and programmable logic or embed- 

19 ded controllers. 

20 (4) National laboratory.—T he term “Na- 

21 tional Laboratory” has the meaning given the term 

22 in section 2 of the Energy Policy Act of 2005 (42 

23 U.S.C. 15801). 

24 (5) Program. —The term “Program” means 


25 


the pilot program established under section 3. 
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1 (6) Secretary. —Tlie term “Secretary” means 

2 the Secretary of Energy. 

3 (7) Security vulne rab ility. —The term “se- 

4 curity vulnerability” means any attribute of liarcl- 

5 ware, software, process, or procedure that could en- 

6 able or facilitate the defeat of a security control. 

7 SEC. 3. PILOT PROGRAM FOR SECURING ENERGY INFRA- 

8 STRUCTURE. 

9 Not later than 60 days after the date of enactment 

10 of this Act, the Secretary shall establish a 2-year control 

11 systems implementation pilot program within the National 

12 Laboratories for the purposes of— 

13 (1) studying the covered entities in the energy 

14 sector that voluntarily participate in the Program to 

15 identify new classes of security vulnerabilities of the 

16 covered entities; and 

17 (2) researching, developing, testing, and imple- 

18 menting technology platforms and standards to iso- 

19 late and defend industrial control systems of covered 

20 entities from security vulnerabilities and exploits in 

21 the most critical systems of the covered entities, in- 

22 eluding— 

23 (A) analog and non-digital control systems; 

24 (B) purpose-built control systems; and 

25 (C) physical controls. 
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1 SEC. 4. WORKING GROUP. 

2 (a) Est ab lishment. —Tlie Secretary shall establish 

3 a working group— 

4 (1) to evaluate the technology platforms and 

5 standards used in the Program under section 3(2); 

6 and 

7 (2) to develop a national cyber-informed engi- 

8 neering strategy to isolate and defend covered enti- 

9 ties from security vulnerabilities and exploits in the 

10 most critical systems of the covered entities. 

11 (b) Membership. —The working group established 

12 under subsection (a) shall be composed of not fewer than 

13 10 members, to be appointed by the Secretary, at least 

14 1 member of which shall represent each of the following: 

15 (1) The Department of Energy. 

16 (2) The energy industry, including electric utili- 

17 ties and manufacturers recommended by the Energy 

18 Sector coordinating councils. 

19 (3)(A) The Department of Homeland Security; 

20 or 

21 (B) the Industrial Control Systems Cyber 

22 Emergency Response Team. 

23 (4) The North American Electric Reliability 

24 Corporation. 

25 (5) The Nuclear Regulatory Commission. 
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1 (6)(A) Tlie Office of the Director of National 

2 Intelligence; or 

3 (B) the intelligence community (as defined in 

4 section 3 of the National Security Act of 1947 (50 

5 U.S.C. 3003). 

6 (7)(A) The Department of Defense; or 

7 (B) the Assistant Secretary of Defense for 

8 Homeland Security and America’s Security Affairs. 

9 (8) A State or regional energy agency. 

10 (9) A national research body or academic insti- 

11 tntion. 

12 (10) The National Laboratories. 

13 SEC. 5. REPORT. 

14 Not later than 2 years after the date on which funds 

15 are first disbursed under the Program, the Secretary shall 

16 submit to the appropriate committees of Congress a final 

17 report that— 

18 (1) describes the results of the Program; 

19 (2) includes an analysis of the feasibility of 

20 each method studied under the Program; and 

21 (3) describes the results of the evaluations con- 

22 ducted by the working group established under sec- 

23 tion 4(a). 
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1 SEC. 6. NO NEW REGULATORY AUTHORITY. 

2 Nothing in this Act authorizes the Secretary or the 

3 head of any other Federal agency to issue new regulations. 

4 SEC. 7. EXEMPTION FROM DISCLOSURE. 

5 Information shared by or with the Federal Govern- 

6 ment or a State, tribal, or local government under this 

7 Act shall be— 

8 (1) deemed to be voluntarily shared informa- 

9 tion; and 

10 (2) exempt from disclosure under any provision 

11 of Federal, State, tribal, or local freedom of infor- 

12 mation law, open government law, open meetings 

13 law, open records law, sunshine law, or similar law 

14 requiring the disclosure of information or records. 

15 SEC. 8. PROTECTION FROM LIABILITY. 

16 (a) In General.—A cause of action against a cov- 

17 ered entity for engaging in the voluntary activities author- 

18 ized under section 3— 

19 (1) shall not he or be maintained in any court; 

20 and 

21 (2) shall be promptly dismissed by the applica- 

22 ble court. 

23 (b) Voluntary Activities.—N othing in this Act 

24 subjects any covered entity to liability for not engaging 

25 in the voluntary activities authorized under section 3. 
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1 SEC. 9. AUTHORIZATION OF APPROPRIATIONS. 

2 (a) Pilot Program. —There is authorized to be ap- 

3 propriated $10,000,000 to carry out section 3. 

4 (b) Working Group and Report. —There is au- 

5 tliorized to be appropriated $1,500,000 to carry out sec- 

6 tions 4 and 5. 

7 (c) Availability. —-Amounts made available under 

8 subsections (a) and (b) shall remain available until ex- 

9 pended. 



